Last active
January 17, 2019 20:44
applogs.sh: Show logs from AWS Cloud Watch Logs from a given group/stream in a human readable way (see requirements below)
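#!/usr/bin/env bash
#
# applogs.sh
#
# Show logs from AWS Cloud Watch Logs from a given group/stream
# in a human readable way.
#
# Requires awscli and jq 1.5+, and if you are using Mac OS also
# needs coreutils installed (it provides GNU date as `gdate`).
#
# Arguments:
#   $1  [GROUP-NAME/]STREAM-NAME   (group defaults to application-logs)
#   $2  TIME, anything GNU `date -d` accepts (default '5 min ago')
#   $3  PATTERN, CloudWatch filter pattern applied server side (optional)
#   $4  REGEX, extended regex applied locally with grep -E (optional)
#
# Exit status:
#   0  success, or help was requested
#   2  usage error or an argument that could not be validated
#   otherwise the status of the failing pipeline stage (note that grep
#   exits 1 when REGEX matches nothing)
#

# Without pipefail a failed `aws` call (bad credentials, unknown group, ...)
# is hidden by the jq stage that follows it and the script exits 0.
set -o pipefail

# Print the help text on stderr.
usage() {
  cat >&2 <<'EOF'
Use: applogs.sh [GROUP-NAME (default application-logs)/]STREAM-NAME [TIME (default '5 min ago')] [PATTERN] [REGEX]
Examples:
applogs.sh chk-core-staging    Logs since 5 minutes ago from chk-core-staging stream from application-logs group
applogs.sh persistent-logs/chk-core-ci '10 min ago'    Logs since 10 minutes ago from chk-core-ci stream from persistent-logs group
applogs.sh gifts-core-prod '1 hour ago' 'Saving'    Logs since 1 hour ago from gifts-core-prod stream with 'Saving' word present
applogs.sh api-core-ci '2017-04-25T09:00' '"Saving new"'    Logs since Apr 25 2017 9 AM from api-core-ci stream with "Saving new" message present
applogs.sh gifts-core-ci '2 days ago' Gift 'status=(DRAFT|OPEN)'    Logs since 2 days ago from gifts-core-ci stream with "Gift" word present, and then
    filter with the regex expression 'status=(DRAFT|OPEN)'
NOTE: The parameter PATTERN is a plain text, REGEX is a valid regex expression, but PATTERN is applied server side
by AWS (faster and less transmitted data), REGEX instead is applied with egrep once the data comes (slower),
but you can use both params to improve results.
EOF
}

# Report an argument/environment error on stderr and stop.
die() {
  printf 'applogs.sh: %s\n' "$*" >&2
  exit 2
}

if [[ $# -eq 0 ]]; then
  usage
  exit 2   # `exit -1` is outside the 0-255 range and not portable
fi
if [[ $1 == "-h" || $1 == "--help" ]]; then
  usage
  exit 0
fi

# Validate the target instead of silently keeping only its trailing
# alphanumeric/hyphen run: a name such as "my_stream" used to be cut down to
# "stream" and a different stream was queried without any warning.
readonly TARGET_RE='^(([[:alnum:]-]+)/)?([[:alnum:]-]+)$'
if [[ ! $1 =~ $TARGET_RE ]]; then
  die "invalid target '$1': expected [GROUP-NAME/]STREAM-NAME made of letters, digits and '-'"
fi
GROUP=${BASH_REMATCH[2]:-application-logs}
STREAM=${BASH_REMATCH[3]}

# GNU date is needed for `-d`; outside Linux prefer coreutils' gdate if present.
PLATFORM=$(uname -s)
DATE_CMD=$(command -v date)
if [[ -z $DATE_CMD || $PLATFORM != "Linux" ]]; then
  GNU_DATE=$(command -v gdate)
  if [[ -n $GNU_DATE ]]; then
    DATE_CMD=$GNU_DATE
  fi
fi
if [[ -z $DATE_CMD ]]; then
  die "no date command found"
fi

# Start time in epoch milliseconds. A TIME that date cannot parse (or a
# non-GNU date) must stop here: an empty value would otherwise shift the
# remaining aws arguments.
SINCE=${2-5 min ago}
if ! TIME=$("$DATE_CMD" -d "$SINCE" +"%s000"); then
  die "cannot parse TIME '$SINCE' (GNU date is required; on Mac OS install coreutils)"
fi

PATTERN=${3-}
REGEX=${4-}

# Run awscli.
# Every value is attached with '=' so that a value starting with '-' (for
# example an exclusion pattern) is never read as a separate option, and the
# stream option is spelled in full rather than relying on prefix matching.
AWS_ARGS=(
  logs filter-log-events
  --log-group-name="$GROUP"
  --log-stream-names="$STREAM"
  --start-time="$TIME"
  --filter-pattern="$PATTERN"
)

if [[ -z $REGEX ]]; then
  aws "${AWS_ARGS[@]}" | jq -r '.events[].message' #| grep -F "$PATTERN" --color
else
  # The first jq keeps each message JSON-encoded (one line per event), so
  # REGEX is matched against the encoded form; the second jq decodes the
  # survivors. The last grep only highlights: '|$' makes every line match.
  # REGEX is quoted everywhere: unquoted, a regex containing a space was
  # split and its tail handed to grep as a file name to read.
  aws "${AWS_ARGS[@]}" \
    | jq '.events[].message' \
    | grep -E --regexp="$REGEX" \
    | jq -r . \
    | grep -E --color --regexp="${REGEX}"'|$'
fi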
Requires awscli and jq 1.5+ to be pre-installed; if you are using Mac OS, coreutils is also needed.